How to Scan Docker Images Using “aquasec/trivy”


Scanning Cloud Hosted WordPress application images:

ubuntu@thedatabasengineer-1:~$ sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy nginx:1.15.12-alpine

2022-01-21T21:10:34.894Z        WARN    The root command will be removed. Please migrate to ‘trivy image’ command. See https://github.com/aquasecurity/trivy/discussions/1515

2022-01-21T21:10:34.910Z        INFO    Detected OS: alpine

2022-01-21T21:10:34.910Z        INFO    Detecting Alpine vulnerabilities…

2022-01-21T21:10:34.913Z        INFO    Number of language-specific files: 0

2022-01-21T21:10:34.913Z        WARN    This OS version is no longer supported by the distribution: alpine 3.9.4

2022-01-21T21:10:34.914Z        WARN    The vulnerability detection may be insufficient because security updates are not provided

nginx:1.15.12-alpine (alpine 3.9.4)

===================================

Total: 38 (UNKNOWN: 0, LOW: 4, MEDIUM: 20, HIGH: 11, CRITICAL: 3)

Analyze the report and fix CVEs:

Update nginx:1.15.12-alpine to nginx:stable-alpine in the Dockerfile.

ubuntu@thedatabasengineer-1:~/wordpress$ sudo docker-compose up -d --force-recreate --no-deps webserver

ubuntu@thedatabasengineer-1:~/wordpress$ sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy nginx:stable-alpine

2022-01-21T21:40:40.627Z        WARN    The root command will be removed. Please migrate to ‘trivy image’ command. See https://github.com/aquasecurity/trivy/discussions/1515

2022-01-21T21:40:41.000Z        INFO    Detected OS: alpine

2022-01-21T21:40:41.001Z        INFO    Detecting Alpine vulnerabilities…

2022-01-21T21:40:41.003Z        INFO    Number of language-specific files: 0

nginx:stable-alpine (alpine 3.14.3)

===================================

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Verify Image inside container:

ubuntu@thedatabasengineer-1:~/wordpress$ sudo docker inspect webserver |grep -i image |tail -1

            "Image": "nginx:stable-alpine",

Remove old image:

sudo docker rmi nginx:1.15.12-alpine

Verify WordPress Application
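The two scan summaries above can drive an automated deploy decision. The following script is an added example, not part of the original post: it reads a saved Trivy table report, sums the HIGH and CRITICAL counts, and treats a report as untrustworthy when Trivy warns that the OS is no longer supported, since the first scan shows that detection may be insufficient in that case. The function names `sev_count` and `gate` and the third sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: decide from a saved Trivy table
# report whether an image may be deployed. Function names are hypothetical.

# sev_count REPORT SEVERITY: sum SEVERITY across every "Total:" line
# (Trivy prints one summary per scanned target).
sev_count() {
    printf '%s\n' "$1" | awk -v sev="$2" '
        /^Total: / {
            n = split($0, parts, /[(,)] */)
            for (i = 1; i <= n; i++)
                if (split(parts[i], kv, ": ") == 2 && kv[1] == sev) sum += kv[2]
        }
        END { print sum + 0 }'
}

# gate REPORT: 0 = no HIGH/CRITICAL, 1 = HIGH/CRITICAL present,
# 2 = result cannot be trusted (no summary, or the OS is past end of life).
gate() {
    printf '%s\n' "$1" | grep -q '^Total: ' || return 2
    if printf '%s\n' "$1" | grep -q 'no longer supported by the distribution'; then
        return 2
    fi
    [ "$(( $(sev_count "$1" HIGH) + $(sev_count "$1" CRITICAL) ))" -eq 0 ]
}

# Lines taken from the two scans shown above (timestamps trimmed).
OLD_REPORT='WARN    This OS version is no longer supported by the distribution: alpine 3.9.4
nginx:1.15.12-alpine (alpine 3.9.4)
Total: 38 (UNKNOWN: 0, LOW: 4, MEDIUM: 20, HIGH: 11, CRITICAL: 3)'
NEW_REPORT='nginx:stable-alpine (alpine 3.14.3)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)'
# Constructed sample: supported OS, findings still present.
MIXED_REPORT='example:tag (alpine 3.14.3)
Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 1, CRITICAL: 0)'

for name in OLD_REPORT NEW_REPORT MIXED_REPORT; do
    eval "report=\$$name"
    rc=0; gate "$report" || rc=$?
    echo "$name: HIGH=$(sev_count "$report" HIGH) CRITICAL=$(sev_count "$report" CRITICAL) gate=$rc"
done
```

Trivy can also enforce the severity threshold itself with `--severity HIGH,CRITICAL --exit-code 1`; the script adds the end-of-life check on top of a saved report.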

About Post Author

janakiram
